夜火博客

MS08-067 - MS Windows Server Service Code Execution PoC

2008-10-24 22:16:57  分类:漏洞信息  作者:xloong 已被围观loading 次 被网友评论0条 我要评论

MS08-067 - MS Windows Server Service Code Execution PoC

In vstudio command prompt:

mk.bat

next:

attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)

net use \\IPADDRESS\IPC$ /user:user creds
die \\IPADDRESS \pipe\srvsvc

In some cases, /user:"" "", will suffice (i.e., anonymous connection)

You should get EIP -> 00 78 00 78, a stack overflow (like a guard page
violation), access violation, etc. However, in some cases, you will get
nothing.

This is because it depends on the state of the stack prior to the "overflow".
You need a slash on the stack prior to the input buffer.

So play around a bit, you'll get it working reliably...

poc:
http://milw0rm.com/sploits/2008-ms08-067.zip

# milw0rm.com [2008-10-23]

update:

第一个MS08-067 exploit 利用代码公布：
MS08-067 Exploit for CN 2k/xp/2003 bypass version

cnqing的.net带界面版本：
MS08-067 Exploit for CN 2k/xp/2003 .net version

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
如原创文章转载，请注明： 转自：夜火博客 [ http://www.15897.com/ ]

本文链接地址： http://www.15897.com/blog/post/MS08-067.html

Tags: 漏洞信息   PoC   Windows  

已有0位网友对本文做了一针见血的评论 【我要评论】